On 18/03/2012 21:48, Reindl Harald wrote:
Am 18.03.2012 22:24, schrieb Aero Maxx:On 18/03/2012 13:44, Reindl Harald wrote:Am 18.03.2012 14:34, schrieb Aero Maxx:[Sun Mar 18 03:48:31 2012] [error] [client 192.168.0.103] ModSecurity: Warning. Operator GE matched 15 at TX:outbound_anomaly_score. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line "38"] [msg "Outbound Anomaly Score Exceeded (score 15): The application is not available"] [hostname "www.wordpress.beta"] [uri "/index.php"] [unique_id "T2VbD1IRn4QAACJXLNQAAAAB"] How would I go about fixing that ? so i can have virtual hosts that modsecurity doesn't complain about?SecResponseBodyAccess Off SecResponseBodyAccess does mostly introduce more problems as it can ever solve - you saw the "Outbound Anomaly Score Exceeded"Where abouts is a good place to put that ?cat /etc/httpd/modsecurity.d/modsecurity_10_config.conf SecRuleEngine On SecRequestBodyAccess On SecRequestBodyInMemoryLimit 1048576 SecResponseBodyAccess Off SecServerSignature "not disclosed" SecUploadDir /tmp SecUploadKeepFiles Off SecArgumentSeparator "&" SecCookieFormat 0 SecPcreMatchLimit 150000 SecPcreMatchLimitRecursion 150000 SecAuditEngine Off SecAuditLogRelevantStatus "^(?:5|4(?!04))" SecAuditLogType Serial SecAuditLog logs/modsec_audit.log SecAuditLogParts "ABIFHKZ" SecDebugLog logs/modsec_debug.log SecDebugLogLevel 0 SecDataDir /tmp SecTmpDir /tmp SecDefaultAction "phase:2,deny,log" I didn't have any of what you posted in that file I had something slightly different for SecDefaultAction. I have added SecResponseBodyAccess Off to this file, would you recommend I add all of it ? my file seems a lot different to yours, in that its named differently (modsecurity_crs_10_config.conf) and has some bits commented out which could be smiliar to what you have in your file. But I am still getting the same problem as before in that it will start at boot, but I cant access it until I have killed the process and have to start it again myself. I get this error aswell sometimes, but a restart of apache fixes this also, so unsure how it likes it sometimes but doesn't at others. [Mon Mar 19 10:04:13 2012] [error] [client 192.168.0.103] ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 5, SQLi=, XSS=): Host header is a numeric IP address"] [hostname "192.168.0.104"] [uri "/error/noindex.html"] [unique_id "T2cEnVIRn4QAAAhvuzsAAAAG"] Thanks Daniel. |
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org